Vulnerability Details CVE-2020-2263
Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.1%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
Products affected by CVE-2020-2263
- cpe:2.3:a:jenkins:radiator_view:1.14
- cpe:2.3:a:jenkins:radiator_view:1.15
- cpe:2.3:a:jenkins:radiator_view:1.16
- cpe:2.3:a:jenkins:radiator_view:1.17
- cpe:2.3:a:jenkins:radiator_view:1.18
- cpe:2.3:a:jenkins:radiator_view:1.19
- cpe:2.3:a:jenkins:radiator_view:1.20
- cpe:2.3:a:jenkins:radiator_view:1.21
- cpe:2.3:a:jenkins:radiator_view:1.22
- cpe:2.3:a:jenkins:radiator_view:1.23
- cpe:2.3:a:jenkins:radiator_view:1.24
- cpe:2.3:a:jenkins:radiator_view:1.25
- cpe:2.3:a:jenkins:radiator_view:1.26
- cpe:2.3:a:jenkins:radiator_view:1.28
- cpe:2.3:a:jenkins:radiator_view:1.29